CVE-2026-41249 | CoreShop up to 5.1.0-beta.1 Pull static.yml code injection (GHSA-q58j-g3f4-h26h)
A vulnerability labeled as critical has been found in CoreShop up to 5.1.0-beta.1. An unknown function of the file github/workflows/static.yml of the component Pull Handler is affected. The manipulation results in code injection.
This vulnerability is identified as CVE-2026-41249. The attack can be executed remotely. No exploit is available.
It is best practice to apply a patch to resolve this issue.